Security News

ZL Technologies announced enhancements to the ZL UA Compliance platform that significantly strengthen the email review process for compliance departments. A flexible review pipeline for compliance departments, ensuring flagged communications are defensibly managed.

Attacks delivered via email are extremely common and the fact is that many popular security solutions are just not handling these attacks well enough, missing 20-40% of the new attacks emerging every day. Assessing your email vulnerability is a critical step in evaluating your overall security posture.

Despite this lack of security, a survey conducted by encryption security provider NordLocker found email the most popular way to share files. In a survey about file sharing and security directed toward 1,400 adults, NordLocker discovered that 58% of those in the US and 56% of those in UK use email as the most common method of sharing files.

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn't done. "This ensured that the email wasn't caught in the bulk email filters provided by native Microsoft email security or the Secure Email Gateway."

COVID-related attacks increased 436% between the second and third weeks of March 2020, with an average 173% week-over-week increase during the quarter, according to Abnormal Security. Attackers also adjusted their targets, with attacks on finance employees increasing more than 75% as attacks on C-Suite executives decreased by 37%. This illustrates a trend away from paycheck and engagement fraud and toward payment fraud, specifically invoice fraud attacks, which increased more than 75%. "The email security trends we witnessed during Q1 are most certainly related to the COVID-19 pandemic and the shift to work from home, but they also reflect greater sophistication and attack strategy by threat actors," said Evan Reiser, CEO, Abnormal Security.

BitDam announced that it is available to small to medium-sized enterprises to provide an additional layer of defense against email-based cyber-attacks. BitDam stops unknown threats, even detecting the 25% of unknown threats that other solutions miss, and patches important security holes in SME email and other collaboration platforms.

BEC campaigns represent a relatively small percentage of all email attacks yet pose the greatest financial risk, says Abnormal Security. One less common but potentially more dangerous attack type is the Business Email Compromise.

The recent attack which saw Norway's state-owned investment fund, Norfund, lose an eye-watering USD 10 million was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address. These attacks, known as business email compromise work because they prey on human nature, the innate psychological traits shared by everyone.

Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist - this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. The messages use a grammatically challenged subject line, "Vote anonymous about Black Lives Matter," or "Leave a review confidentially about Black Lives Matter," and purport to contain a survey document.

Security vendor Mimecast has released its fourth annual State of Email Security report for 2020. The report is filled with data about email security, but for those looking for action items Mimecast has provided a list of 10 takeaways that point out particular risks and provide IT security decision makers with some avenues to focus on in the coming months.